authorFredrik Rinnestam <fredrik@crux.nu>2013-08-27 18:51:52 +0200
committerFredrik Rinnestam <fredrik@crux.nu>2013-08-28 18:13:16 +0200
commitb049fc6c70f8409810706e7da318f82cb78d3ba2 (patch)
treecbc257a04bd7ebd07606ce12f166db9f98b78c8d /libtiff
parent9b7ad8383e07090e3e8dad3c9ef9d0bad8f58345 (diff)
[notify] libtiff: patched for CVE-2013-4244
Diffstat (limited to 'libtiff')
-rw-r--r--libtiff/.md5sum1
-rw-r--r--libtiff/Pkgfile8
-rw-r--r--libtiff/lzw-oob-write.patch18
3 files changed, 24 insertions, 3 deletions
diff --git a/libtiff/.md5sum b/libtiff/.md5sum
index 40fe6392f..502f7049a 100644
--- a/libtiff/.md5sum
+++ b/libtiff/.md5sum
@@ -1,3 +1,4 @@
6c1189a715708edc8ba926977b33895f gif2tiff-buffer-overflow.patch
+2c0dabc854c95e7453fc56d2fd50a503 lzw-oob-write.patch
051c1068e6a0627f461948c365290410 tiff-4.0.3.tar.gz
35aee7eea6949c2d26ffa52872991115 tiff2pdf_use-after-free.patch
diff --git a/libtiff/Pkgfile b/libtiff/Pkgfile
index 6e9a6cd93..fa8a1046d 100644
--- a/libtiff/Pkgfile
+++ b/libtiff/Pkgfile
@@ -1,18 +1,20 @@
# Description: Library for manipulation of TIFF (Tag Image File Format) images
-# URL: http://libtiff.maptools.org/
+# URL: http://www.remotesensing.org/libtiff/
# Maintainer: Fredrik Rinnestam, fredrik at crux dot nu
# Depends on: libjpeg, zlib
name=libtiff
version=4.0.3
-release=2
+release=3
source=(http://download.osgeo.org/libtiff/tiff-$version.tar.gz \
- gif2tiff-buffer-overflow.patch tiff2pdf_use-after-free.patch)
+ gif2tiff-buffer-overflow.patch tiff2pdf_use-after-free.patch lzw-oob-write.patch)
build() {
cd tiff-$version
patch -d tools -p0 -i $SRC/tiff2pdf_use-after-free.patch
patch -d tools -p0 -i $SRC/gif2tiff-buffer-overflow.patch
+ patch -d tools -p0 -i $SRC/lzw-oob-write.patch
+
./configure --prefix=/usr --mandir=/usr/man
make
make DESTDIR=$PKG install
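Review bot: The new `patch -d tools -p0 -i $SRC/lzw-oob-write.patch` line has no comment tying it to the advisory it addresses, so the CVE is recorded only in the commit title. A comment above it such as `# lzw-oob-write.patch: CVE-2013-4244, bounds check in the gif2tiff LZW decoder` would let a later maintainer decide whether the patch can be dropped on a version bump; the two older patch lines would benefit from the same, each with its own identifier. The patch touches only tools/gif2tiff.c, so the comment should make clear that the fix is in the gif2tiff tool and not in the library itself. build() closes outside this hunk.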
diff --git a/libtiff/lzw-oob-write.patch b/libtiff/lzw-oob-write.patch
new file mode 100644
index 000000000..674afc6c5
--- /dev/null
+++ b/libtiff/lzw-oob-write.patch
@@ -0,0 +1,18 @@
+Index: gif2tiff.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/gif2tiff.c,v
+retrieving revision 1.12
+diff -u -r1.12 gif2tiff.c
+--- gif2tiff.c 15 Dec 2010 00:22:44 -0000 1.12
++++ gif2tiff.c 14 Aug 2013 04:28:07 -0000
+@@ -398,6 +398,10 @@
+ }
+
+ if (oldcode == -1) {
++ if (code >= clear) {
++ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
++ return 0;
++ }
+ *(*fill)++ = suffix[code];
+ firstchar = oldcode = code;
+ return 1;
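Review bot: The added guard `if (code >= clear)` bounds the index into `suffix[]` only from above; `code` is formatted with `%d`, so it is presumably a signed int, and a negative value would pass the check and still reach `suffix[code]`. Whether a negative code can arrive here depends on the caller, which is outside the hunk, but `if (code < 0 || code >= clear)` would make the bound self-contained. The message says "larger than" while the test also rejects `code == clear`; `"bad input: code=%d is not below clear=%d\n"` would match the condition. The enclosing function starts and ends outside the hunk, and the `return 0` only helps if its caller stops decoding on that value.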
